RSS

How-To Geek

Do you store sensitive files on Dropbox or another cloud storage service? Encrypt them with EncFS for Linux, an encrypting file system that transparently encrypts and decrypts each individual file with your encryption key. There’s also an experimental Windows build.

EncFS works differently from a TrueCrypt container, which stores your encrypted files in a single large file. Instead, EncFS creates separate files for each file you add. It works better with cloud storage services that would re-upload the entire TrueCrypt container each time it’s changed.

EncFS Setup on Linux

Run the following command to install EncFS on Ubuntu:

sudo apt-get install encfs

On other distributions of Linux, look for the EncFS package in your package manager and install it.

Run the following command to create a new EncFS encrypted volume:

encfs ~/Dropbox/encrypted ~/Private

This creates two directories. The directory at Dropbox/encrypted in your home folder is where the encrypted versions of your files will be saved – they’re in the Dropbox folder, so Dropbox will sync them. The Private folder in your home folder is where the decrypted versions of your files will be accessible. You can specify any location you prefer for either.

You’ll be asked several questions after running this commands. The default paranoia mode (type p when prompted) should work well, but you can also type x for expert configuration mode.

EncFS will prompt you to create a password for your encrypted volume. Remember this password – if you forget it, you won’t be able to access your files.

Using EncFS on Linux

Place files in the Private folder you created earlier. This is also where you can access the decrypted versions of your files.

Encrypted versions of the files will be stored in your /Dropbox/encrypted folder. Dropbox will synchronize them across your computers – no one can access their contents without your password. You can mount the EncFS directory on multiple computers (use the same encfs command) to use your encrypted files on each.

Very Important Information:

Do not place files in your /Dropbox/encrypted folder – ignore this folder. Place files in the Private folder instead. If you place files directly in the /Dropbox/encrypted folder, they won’t be encrypted.

Do not delete or lose the .encfs.xml file (it’s hidden by default – press Ctrl+H in Nautilus to view hidden files). You should probably create a backup of this file – if you lose it, you’ll also lose access to your encrypted files.

Remounting the File System

EncFS won’t automatically mount itself after you restart your system – if you log out and log back in, you won’t be able to access your files without running the EncFS command. This provides good security – no one can access or view your encrypted files until you run the command.

Just re-run the same command you ran earlier to remount your EncFS file system. For example, we’d run the following command:

encfs ~/Dropbox/encrypted ~/Private

You’ll have to provide your password.

If you want your EncFS file system automatically mounted each time you log in, you can use gnome-encfs. gnome-encfs adds your EncFS password to your GNOME keyring and automatically mounts it each time you log in.

Comments (10)

Thanks. This seems to be an alternative to Boxcryptor. When using encryption, it should always be done on the user side with programs like these. The file or volume travels through the pipes already encrypted, and the key or passphrase is never in hands of third parties (server side encryption). In this way you comply with the TNO principle = Trust No One :-).